Setting up your unmanaged Fedora 18 x10VPS.

pornophobic

Member
Messages
32
Reaction score
1
Points
8
I'm not very good with introductory spiel, so here are some points:
  • This tutorial is not a guide for installing Webmin or another control panel.
  • This tutorial assumes you have a fresh install of Fedora 18 (x64 or x86) on your x10VPS.
  • This tutorial will walk you through and explain steps to set up the following:
  • This tutorial will be followed by a few other tutorials directed at a Fedora 18 x10VPS.
  • For the purposes of this tutorial I will be using the IP "172.16.24.234" and the domain "example.com". These are to be replaced with the external IP of your VPS and the domain you choose to use as your master domain.
  • This tutorial is provided "as is" and written as I perform the actions. If you find any mistakes or errors, or have any suggestions, please feel free to PM me with them and I will deal with them accordingly!
First step: Update!

It's always a good idea to run an update first. This ensures that any official bug fixes and security updates are installed.

Code:
yum -y update

Configuring DNS with BIND/named On Fedora 18



What is DNS?
DNS stands for "Domain Name System". It is used to translate domain names (example.com) to IP addresses.

What is BIND?
BIND stands for "Berkeley Internet Name Daemon"; it is the most widely used DNS server on the whole entire internet.

What is named?
named (pronounced name-dee) is the main software in the BIND package. It stands for name daemon.

Registering your nameservers.
Luckily I had thought well in advance for writing this tutorial and provided instruction on how to do this here.

Back up original files!
This is an important thing to note when changing any configuration on Linux.
Issue these commands to back up the files we will be changing:
Code:
cp /etc/resolv.conf /etc/resolv.conf.bak
cp /etc/named.conf /etc/named.conf.bak
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak

Edit /etc/resolv.conf

Open the file with vim:
Code:
vim /etc/resolv.conf

You will see this:
Code:
nameserver 8.8.8.8
nameserver 8.8.4.4

These two lines tell Fedora where to find external DNS servers so it can resolve domains to IPs when using programs like wget, yum, curl, or any other software that will need to resolve domains.
The two original IPs in this file MUST remain in this file or DNS resolution will fail.
The two IPs are also Google's public DNS servers.

You should now change it to something like this:
Code:
search example.com
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.1

What these changes do is tell the system to search for hosts under the domain 'example.com' in hosts or other configurations. This way, you will not need to type out 'subdomain.example.com' and can just use 'subdomain' instead.
The final line you added tells the system to also use the local name server.

Edit /etc/named.conf
In order to be accessible to the internet, you should tell named to listen on any interface.

To do this, open up named.conf in vim:
Code:
vim /etc/named.conf

Change the following:
Code:
      listen-on port 53 { 127.0.0.1; };
      listen-on-v6 port 53 { ::1; };

To:
Code:
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };

This will tell named to listen on all interfaces available to it so it is now accessible on all of your IPs, should you have more than one.

In the case that you do have more than one IP, and you want named to listen on only one external IP you can change it to this instead:
Code:
        listen-on port 53 { 127.0.0.1; 172.16.24.234; };
        #listen-on-v6 port 53 { ::1; };

Make sure that localhost (127.0.0.1) is included, and point to one of your IPs. The IP that you use should be the IP that you pointed your nameservers to when you registered them. Notice that the listen-on-v6 line is commented out. This prevents named from listening on IPv6, because translating IPv4 to IPv6 is very outside of the scope of this article. If you do happen to know how to find your IPv6 address, then it should be entered after the ::1; entry.

NOTE:
If you are having trouble deciding on which IP to use, you can always just use the IP that shows up when you issue the following command:
Code:
ping `hostname`

In most cases, using the first example given will suffice. Using multiple IPs will be mentioned from time to time when optional.
 
Create example.com zone file

In order for named to know which domains it is working for, you must tell it in a configuration file. The common practice is to have the configuration for a domain in its own file.
Zone configurations, by default, are stored in /var/named/. This can be changed, but again, that is outside the scope of this particular tutorial.

To create a zone configuration, create the file /var/named/db.example.com.txt in vim:
Code:
vim /var/named/db.example.com.txt

NOTE:
The reason there is a ".txt" at the end of this file is because if you leave it at '.com' it will toy with the syntax highlighting in vim.


The contents of this file, which are explained in the comments, should be the following:
Code:
;
; BIND data file for example.com
;


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; TTL = Time To Live                                                       ;
; Time for the record to live in DNS caches. The setting 3h means 3 hours. ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

$TTL    3h

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; SOA = Start Of Authority                                                ;
;; @ IN SOA {primary name server} {administrator email} (                 ;
;                                                                         ;
; ns1.example.com should be the first name server you registered in the   ;
; x10 client area.                                                        ;
;                                                                         ;
; admin.example.com. equates to admin@example.com enter your own email    ;
; accordingly.                                                            ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;



@      IN      SOA    ns1.example.com. admin.example.com. (

; Serial for this record.
; Usually the date in the format YYYYMMDDHH using 24 hour time.
                          2013091615
; Refresh after 3 hours
                          3h
; Retry after 1 hour
                          1h
; Expire after 1 week
                          1w
; Negative caching TTL of 1 hour
                          1h )

                         
; These two entries tell the names of the nameservers.
; They should be the nameservers that you registered in the client area.
; You can add more if you have registered more in the x10 client area.
; Note that you will have to edit accordingly if you add any
; extra nameservers here.

@      IN      NS      ns1.example.com.
@      IN      NS      ns2.example.com.



; An MX record tells the internet where your email server is located.

example.com.    IN      MX      10      mail.example.com. ; MX Record.

; Point the domain example.com to the IP 172.16.24.234
example.com.    IN      A      172.16.24.234

; Point the first and second name servers to this IP
; NOTE: If you have more than one IP and have set
; NOTE: BIND up to listen on any interface
; NOTE: you can safely add a secondary IP here.
; NOTE: It is good practice, but not required.

ns1                    IN      A      172.16.24.234
ns2                    IN      A      172.16.24.234

; These are your subdomains.
; If you wish to add your own subdomains here
; (which must be done if you want them resolved)
; See the last entry for a custom subdomain that would be used for a website.

www        IN        CNAME    example.com.  ; www.example.com
mail       IN        A        172.16.24.234 ; mail.example.com
ftp        IN        CNAME    example.com.  ; ftp.example.com
img        IN        A        172.16.24.234 ; img.example.com


Add zone to /etc/named.rfc1912.zones

This file will tell named where to find the zone configurations that it should load into its configuration. There are already some local zones configured in this file and they should remain there.

At the end of the file, add:
Code:
zone "example.com" {
  type master;
  notify no;
  allow-query { any; };
  file "db.example.com.txt";
};

Start the named service and ensure it is working

That is all as far as configuration editing goes! Hurray!

Now to start the named service, enter the command:
Code:
systemctl start named.service

If there is no output, named has started successfully, which means there are no configuration errors! Hurray times two!

Now to ensure that it is listening you can enter the command:
Code:
netstat -na | egrep 'Proto|LISTEN'

Among the output, you are looking for services listening on port 53:
Code:
tcp        0      0 172.16.24.234:53        0.0.0.0:*              LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*              LISTEN

If you see these, this means that named is now listening on port 53, the port usually assigned to DNS.

To test that DNS resolution works, you should ping your domain from your own computer. You may need to flush your DNS first. If you see something similar to this in your terminal or command prompt, then you have successfully configured your DNS server to point your domain to your shiny new VPS!
Code:
[user@mypc]# ping example.com
PING example.com (172.16.24.234) 56(84) bytes of data.
64 bytes from 172.16.24.234: icmp_seq=1 ttl=54 time=26.1 ms
64 bytes from 172.16.24.234: icmp_seq=2 ttl=54 time=26.1 ms
64 bytes from 172.16.24.234: icmp_seq=3 ttl=54 time=26.1 ms
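
The zone file above mixes relative names (ns1, www) with absolute names that end in a dot (ns1.example.com.), and named appends the zone name to any name written without the final dot. The following is an added example, not part of the original posts: a shell/awk lint that flags NS, MX and CNAME targets missing that dot, and NS/MX targets inside the zone that have no address record or point at a CNAME. The names zone_lint and sample_zone and the sample records are constructed for illustration.

```sh
#!/bin/sh
# zone_lint ORIGIN < zonefile: one line per finding, returns 1 if any.
zone_lint() {
    awk -v origin="$1" '
    # Expand a name as named does: "@" is the origin, a trailing dot marks
    # an absolute name, anything else is relative to the origin.
    function fqdn(n) {
        if (n == "@") return origin "."
        return (n ~ /\.$/) ? n : n "." origin "."
    }
    { indented = ($0 ~ /^[ \t]/); sub(/;.*/, "") }   # drop comments
    NF == 0 || /^\$/ { next }                        # blanks, $TTL, $ORIGIN
    {
        if (!indented) owner = fqdn($1)              # indented: same owner
        type = ""
        for (i = (indented ? 1 : 2); i < NF; i++) {
            u = toupper($i)
            if (u ~ /^(A|AAAA|NS|MX|CNAME)$/) { type = u; break }
        }
        if (type == "") next                         # SOA and its timers
        if (type == "A" || type == "AAAA") { addr[owner] = 1; next }
        target = $NF
        # A dotted target without the final dot gets the origin appended.
        if (target ~ /\./ && target !~ /\.$/) {
            printf "line %d: %s target %s lacks trailing dot, becomes %s\n",
                   NR, type, target, fqdn(target)
            bad++
        }
        if (type == "CNAME") alias[owner] = 1
        else need[fqdn(target)] = type               # NS and MX targets
    }
    END {
        suffix = "." origin "."
        for (n in need) {
            # Names outside this zone cannot be checked from this file.
            if (n != (origin ".") && substr(n, length(n) - length(suffix) + 1) != suffix) continue
            if (n in alias) { print need[n] " target " n " is a CNAME"; bad++ }
            else if (!(n in addr)) { print need[n] " target " n " has no A/AAAA record"; bad++ }
        }
        exit (bad > 0)
    }'
}
# Constructed sample: ns2 lacks its trailing dot, "mail" has no A record.
sample_zone() {
    cat <<'EOF'
$TTL 3h
@            IN SOA ns1.example.com. admin.example.com. ( 2013091615 3h 1h 1w 1h )
@            IN NS  ns1.example.com.
@            IN NS  ns2.example.com
example.com. IN MX  10 mail
ns1          IN A   172.16.24.234
EOF
}
sample_zone | zone_lint example.com || true
```

BIND's own named-checkconf and named-checkzone perform full syntax validation of named.conf and of a zone file; this lint only covers the mistakes named above.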
 


Apache (httpd) initial Configuration on Fedora 18



What is HTTP?
HTTP stands for Hyper Text Transfer Protocol. It is the protocol used when viewing/hosting websites.

What is Apache?
Apache is an HTTP server. It is easily configurable and very widely used.


Configuring Apache

Apache is another piece of software that is installed out-of-the-box on your Fedora 18 x10VPS. In fact, it is probably already running!

Since we've already handled our DNS resolution, you can now open up a browser on your computer and navigate to the domain you configured. You should see something like this:

[Image: sncmtz.png]


This is the default welcome page for Apache on Fedora. This means not only that your domain is configured correctly (another test, yay!), but it also means that Apache is running and accessible to the internet.


The initial configuration of Apache will be short and sweet compared to configuring DNS. I will cover configuring virtual hosts and other such stuff in a later tutorial.

Back up your httpd.conf!

httpd.conf is the main configuration for the Apache HTTP server. On your Fedora 18 x10VPS, it is located in the directory /etc/httpd/conf.

Before we begin changing the file itself, we must back it up in case anything goes wrong:
Code:
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Now open up the configuration file in vim:
Code:
vim /etc/httpd/conf/httpd.conf

Before you do anything else, in vim press the escape key and type the following:
Code:
:set nu

This will turn on line numbers in the editor to make navigating it a bit faster. I will be using the line numbers as though you have made the edits in each step to minimize the confusion. If you are not following this as you go, the line numbers will not be the same until you make these edits. They will be close, however.


On line 86:
Code:
86 ServerAdmin root@localhost

Replace this with your email. When we get into virtual hosts, this will be configurable per domain, but for now if something goes wrong and a user needs to contact the webmaster or server administrator, it is generally a good idea to have a contact email.


I went ahead and changed it like this:
Code:
86 #ServerAdmin root@localhost
87 ServerAdmin admin@example.com

You will notice I just commented out the previous line with a hash (#) instead of changing the value itself. This is another good practice that can save you time in troubleshooting when configuring. If you mess up, the old values that worked are right there and you won't have to start over by using your backup.

The email used does not exist as of yet. You don't have to use an email on your domain, but setting up this email among others will be covered when we get to email setup.

On line 97:
Code:
97 #ServerName www.example.com:80

Below this line enter your domain in the same format. Since I am using example.com as my domain, I will use an example using a different domain.
Code:
98 ServerName www.domain.com:80

That concludes the configuration of Apache HTTP server!

To restart the server with the new settings:
Code:
apachectl restart

Later on, if and when your server is in production mode, it would be wise to test the syntax of the changes you make to any configuration before you restart Apache. This will prevent downtime, since Apache will fail to restart if there are errors in your configuration. Checking the syntax before restarting should look something like the following:
Code:
[root@test]# apachectl configtest
Syntax OK

If you don't see the Syntax OK, then it is not a good idea to restart httpd.

Now you are able to start putting files in /var/www/html to be served to the internet!
However, if you try to run any PHP scripts, you will get the source of the script and nothing else. That brings me to the next section.
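
The backup step used throughout this tutorial and the configtest step above combine into one routine: back up, apply the new file, run the check, and put the old file back if the check fails. This is an added example, not part of the original posts; the names apply_config and demo, the file names and the stand-in check used in demo are assumptions.

```sh
#!/bin/sh
# apply_config TARGET CANDIDATE CHECK [ARGS...]
# Back up TARGET, replace its contents with CANDIDATE, run CHECK, and
# restore the backup if CHECK fails.
# Returns 0 = applied, 1 = rolled back, 2 = could not back up or write.
apply_config() {
    target=$1; candidate=$2; shift 2
    backup="$target.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$target" "$backup" || return 2
    # Overwrite in place so the owner, mode and SELinux label of TARGET stay.
    cat "$candidate" > "$target" || return 2
    if "$@" >/dev/null 2>&1; then
        echo "applied: $target (previous version saved as $backup)"
        return 0
    fi
    cat "$backup" > "$target"
    echo "rolled back: check failed, $target restored from $backup" >&2
    return 1
}

# On the VPS the check would be the real one from this tutorial, e.g.:
#   apply_config /etc/httpd/conf/httpd.conf ./httpd.conf.new \
#       apachectl configtest && apachectl restart

# Constructed demo: a stand-in check that requires a ServerName line is used
# in place of "apachectl configtest" so the example runs without Apache.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'ServerAdmin admin@example.com\nServerName www.example.com:80\n' > "$dir/httpd.conf"
    printf 'ServerAdmin admin@example.com\n' > "$dir/httpd.conf.new"
    apply_config "$dir/httpd.conf" "$dir/httpd.conf.new" \
        grep -q '^ServerName' "$dir/httpd.conf"
    status=$?
    grep -c '^ServerName' "$dir/httpd.conf"   # the old file is back in place
    rm -rf "$dir"
    return $status
}
demo || true
```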
 

Installing PHP/MySQL



Many web projects will require the functionality provided by these packages, and it is extremely easy to install them on your unmanaged Fedora 18 x10VPS. There is not much configuration to be done initially. That will be covered in my series of posts directed at configuring your server.

What is PHP?
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.
[Source]
What is MySQL?
MySQL, the most popular Open Source SQL database management system, is developed, distributed, and supported by Oracle Corporation.
The MySQL Web site (http://www.mysql.com/) provides the latest information about MySQL software. [Source]

To install the required basics:
Code:
yum -y install mysql mysql-server php php-mysqlnd

This will install the MySQL client program, the MySQL server, the PHP binaries, and the PHP MySQL Native Driver extension for working with MySQL from within PHP scripts.

Now that the software is installed, some initial configuration is needed.
To make sure that the MySQL server starts up when the server boots and to start the service:
Code:
systemctl enable mysqld.service
systemctl start mysqld.service

Configuring the root account
Similar to your Fedora 18 x10VPS, MySQL has a root user. This user has all privileges to everything on your MySQL server. By default, when you install the MySQL server the root MySQL user has no password.

TIP:
If you want to generate a random alphanumeric password right from the command line, you can issue the command:

Code:
tr -cd '[:alnum:]' < /dev/urandom | fold -w16 | head -n1

This will give you some random string that looks something like:

3uAK1zmoIkNa8kbW

Which is what I will use in my following example.

You can see how this no password deal could be a problem in the future. The solution? Set a password! In fact, why not run the utility for securing your MySQL installation that comes with the MySQL package?
Issue this command:
Code:
mysql_secure_installation

You will see this pop up in your terminal, just use the values that I have entered in, except for the password. Obviously.

Code:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 3uAK1zmoIkNa8kbW
Re-enter new password: 3uAK1zmoIkNa8kbW
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...


All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

That concludes this portion of the tutorial.
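
An added example (not part of the original posts) for confirming what the mysql_secure_installation run above changed: it reads account rows and reports anonymous users, accounts without a password, and root entries for hosts other than localhost. The function names, the sample rows and the query shown in the comment (which assumes a mysql.user table with a Password column) are assumptions.

```sh
#!/bin/sh
# audit_mysql_accounts: reads tab-separated "user host password_hash" rows
# on stdin and reports what mysql_secure_installation is meant to remove.
# Returns 1 if anything is reported, 0 otherwise.
# Assumed source of the rows (server whose mysql.user has a Password column):
#   mysql -u root -p -N -B -e 'SELECT User, Host, Password FROM mysql.user'
audit_mysql_accounts() {
    awk -F '\t' '
    NF < 3 { next }                                   # skip blank/short lines
    $1 == "" { print "anonymous account: @" $2; bad++ }
    $3 == "" { print "no password: " $1 "@" $2; bad++ }
    # Same host list the "Disallow root login remotely?" step keeps.
    $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
        print "remote root account: root@" $2; bad++
    }
    END { exit (bad > 0) }'
}

# Constructed rows: before hardening (empty passwords, an anonymous user,
# root on the machine hostname) and after it (hash is a placeholder).
fresh_rows() {
    printf 'root\tlocalhost\t\n'
    printf 'root\tvps.example.com\t\n'
    printf '\tlocalhost\t\n'
}
hardened_rows() {
    printf 'root\tlocalhost\t*0000000000000000000000000000000000000000\n'
}

fresh_rows | audit_mysql_accounts || true
hardened_rows | audit_mysql_accounts && echo "hardened rows: clean"
```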
 